Hi!
I’m used to having many working projects that deal with Windows environments using an Active Directory service account, ciphered using HashiCorp Vault. Projects are launched from a Debian 11 server against many Windows Server targets (mostly OS Server 2019-2022).
At the moment, while I wanted to migrate an Ansible project usually launched from my Debian server to AWX, I faced an error that happened on both.
My simple tests do the following:

```yaml
---
# --------------
- name: test-webrequest-win
  hosts: all
  vars_files:
    - vars.yml
  tasks:
    - name: Test win_ping
      ansible.windows.win_ping:

    - name: Test Sleep 10 sec
      ansible.builtin.wait_for:
        timeout: 10
      delegate_to: localhost

    - name: Test check webrequest
      ansible.builtin.uri:
        url: http://{{inventory_hostname}}:6666/
        return_content: yes
      delegate_to: localhost
```
My vars.yml is configured like this:

```yaml
---
ansible_user: "{{ vault.ansible_account }}"
ansible_password: "{{ vault.ansible_password }}"
#### Configuration Ansible WinRM
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_transport: kerberos
```
Here’s my issue: as you can see below, win_ping (or every Windows task, actually) is working great, but the big surprise is about the ansible.builtin.wait_for module:

```
PLAY [test-webrequest-win] ************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************
jeudi 08 février 2024 15:55:34 +0100 (0:00:00.014) 0:00:00.014 *********
ok: [10.10.10.10]
ok: [my-server.ansible.com]

TASK [test win_ping] ******************************************************************************************************************************************************************************************
jeudi 08 février 2024 15:55:38 +0100 (0:00:04.082) 0:00:04.097 *********
ok: [my-server.ansible.com]
ok: [10.10.10.10]

TASK [Test sleep 10 sec] **************************************************************************************************************************************************************************************
jeudi 08 février 2024 15:55:40 +0100 (0:00:02.538) 0:00:06.635 *********
fatal: [10.10.10.10 -> localhost]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))", "unreachable": true}
fatal: [my-server.ansible.com -> localhost]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))", "unreachable": true}
```

I tested with a lot of hosts to check if something was wrong on the AD side, but everything is OK for gathering facts and the win_ping test, no matter whether I use the FQDN (which is advised) or the IP (in my case that was for testing only).
Any advice out there?
Gael